Wordpress CVEs and Security Vulnerabilities

Filtered by vendor Wordpress Subscriptions

Filtered by product Wordpress Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11882 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-31096	2 Wordpress, Wpxpo	2 Wordpress, Postx	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through <= 4.1.25.
CVE-2025-31095	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in Hossein Material Dashboard material-dashboard allows Authentication Bypass.This issue affects Material Dashboard: from n/a through <= 1.4.5.
CVE-2025-31094	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Stored XSS.This issue affects WP Posts Carousel: from n/a through <= 1.3.8.
CVE-2025-31093	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redpixelstudios RPS Include Content rps-include-content allows DOM-Based XSS.This issue affects RPS Include Content: from n/a through <= 1.2.1.
CVE-2025-31090	1 Wordpress	1 Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alordiel Dropdown Multisite selector dropdown-multisite-selector allows Stored XSS.This issue affects Dropdown Multisite selector: from n/a through < 0.9.4.
CVE-2025-31088	2 Cozmoslabs, Wordpress	2 Paid Member Subscriptions, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Stored XSS.This issue affects Paid Member Subscriptions: from n/a through <= 2.14.3.
CVE-2025-31086	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WBW Plugins Product Table by WBW woo-product-tables allows Reflected XSS.This issue affects Product Table by WBW: from n/a through <= 2.1.4.
CVE-2025-31083	2 Wordpress, Zeen101	2 Wordpress, Leaky Paywall	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZEEN101 Leaky Paywall leaky-paywall allows Stored XSS.This issue affects Leaky Paywall: from n/a through <= 4.21.7.
CVE-2025-31081	2 Shortpixel, Wordpress	2 Enable Media Replace, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace enable-media-replace allows Reflected XSS.This issue affects Enable Media Replace: from n/a through <= 4.1.5.
CVE-2025-31079	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven usermaven allows Cross Site Request Forgery.This issue affects Usermaven: from n/a through <= 1.2.1.
CVE-2025-31075	2 Videowhisper, Wordpress	2 Micropayments, Wordpress	2026-04-23	6.5 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in videowhisper MicroPayments paid-membership allows Stored XSS.This issue affects MicroPayments: from n/a through <= 2.9.29.
CVE-2025-31069	1 Wordpress	1 Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme hotstar allows Object Injection.This issue affects HotStar – Multi-Purpose Business Theme: from n/a through <= 1.4.
CVE-2025-31068	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars sevenstars allows Cross Site Request Forgery.This issue affects Seven Stars: from n/a through <= 1.4.4.
CVE-2025-31067	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themeton Seven Stars sevenstars allows Stored XSS.This issue affects Seven Stars: from n/a through <= 1.4.4.
CVE-2025-31066	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in themeton Acerola acerola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acerola: from n/a through <= 1.6.5.
CVE-2025-31065	1 Wordpress	1 Wordpress	2026-04-23	5.3 Medium
Missing Authorization vulnerability in themeton Rozario rozario allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rozario: from n/a through <= 1.4.
CVE-2025-31064	1 Wordpress	1 Wordpress	2026-04-23	8.1 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting vizeon allows PHP Local File Inclusion.This issue affects Vizeon - Business Consulting: from n/a through < 1.2.1.
CVE-2025-31063	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in redqteam Wishlist wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist: from n/a through <= 2.1.0.
CVE-2025-31062	1 Wordpress	1 Wordpress	2026-04-23	4.3 Medium
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist wishlist allows Retrieve Embedded Sensitive Data.This issue affects Wishlist: from n/a through <= 2.1.0.
CVE-2025-31054	1 Wordpress	1 Wordpress	2026-04-23	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through <= 2.0.8.

« first previous Page 171 of 595. next last »